Personal Blog of Thomas Hampel - Creative Mythbusting in Development and Collaboration

Upcomming Trips

Social Networks

Popular Articles

Winmail.dat

Who am I?

Feeds

 Content
 Comments

Recent Entries

New HCL Domino Marketplac
Welcome Domino License An
HCL Domino Community Meet
Welcome Domino License An
HCL & DNUG Community
Previous Document Next Document

Profile documents and Author rights in ACL

Thomas Hampel
 30 July 2012
What if a developer is using user specific profile documents to store some settings in a Domino application.
In this example users have Author access with the ability to create new documents and the ability to write public documents, no roles and no reader or author name fields are used in any document.
Image:Profile documents and Author rights in ACL

I'm wondering why users are not able to modify their own profile document by using the simple formula @Command([EditProfile]; "profile"; @Username)
Of course developers will refer to the Designer Help or this technote where IBM clearly states:

In order to edit profile documents, including your own profile, using @Command([EditProfile]), you must have at least Editor access or Author access in the ACL plus inclusion in an Author field.

so it sounds like the user name must be listed in an author name field in order to modify an existing userprofile.

Unfortunately in reality it seems to be working slightly different... see this example:
I've created a new form to be used as a profile document, the form contained only a single field
Image:Profile documents and Author rights in ACL
Additionally I've created a small agent with the following code:

Sub Initialize
       Dim s As New NotesSession
       Dim doc As NotesDocument
       Dim ws As New NotesUIWorkspace
       
       Set doc = s.currentdatabase.Getprofiledocument("profile", s.Effectiveusername)
       
       '# allows to modify the field values in the backend
       Call doc.Replaceitemvalue("Test", "test")
       Call doc.Save(true, false)
       
       '# allows to modify field values using the frontend
       Call ws.Dialogbox("profile", true, true, false, false, false, false, "Test", doc, false, false, false)
       Call doc.Save(True, False)
       
       '# does NOT allow to modify the document
       Call ws.Editprofile("profile", s.Effectiveusername)
End Sub

It seems like its possible to modify userprofile documents (which dont have an author name field) even when you dont have author access to the document itself.
To clarify: the application was put on a server and access rights were limited to Author.
Image:Profile documents and Author rights in ACL

I'm wondering if there's any good explanation for this behavior.
Update : The problem has been filed as SPR (Software Problem Report) # RGAU8WZE2X and the Customer Report, APAR # LO71028 was created.
Tagged with: Code Development Notes
Comments
No Comments Found
Go ElsewhereSubscribe to RSSAboutStay ConnectedAnd More
Thomas Hampel, All rights reserved.